Privacy Policy

Vuvuzela-Privacy-Statement-full

Privacy Policy Statement

Introduction
The Vuvuzela Hotline (Pty) Ltd understands the critical importance of protecting your personal data.
This Privacy Policy Statement sets out how The Vuvuzela Hotline (Pty) Ltd manages data submitted by users using Vuvuzela website forms and mobile applications.
This policy also represents the commitment of The Vuvuzela Hotline (Pty) Ltd to compliance with its obligations under South Africa’s Protection of Personal Information Act 4 of 2013 (POPIA). Where applicable, we also comply with additional data protection laws, such as the European General Data Protection Regulation (GDPR).
The Vuvuzela Hotline (Pty) Ltd is an entity established under the laws of South Africa with company registration number 2005/020883/07, fully owned Strategic Investment Holdings (Pty) Ltd.
Vuvuzela provides to its subscriber’s various channels of communication, 24 hours a day, 365 days a year, for communities, through private and public sector organizations and businesses, to voice concerns about crime, abuse, bribery, unethical or corrupt behavior, empowering employees and stakeholders to speak up and blow the whistle on corruption.
Vuvuzela is an independent external fraud and ethics hotline service, which guarantees anonymity, of users wishing to remain anonymous. Anonymous reporting of criminal, irregular or unethical activity can be done through any of our communication channels for those organizations that subscribe to our fraud and ethics hotline services. Some data privacy processes apply to all parties that interact with Vuvuzela, while certain special provisions apply to those using our channels on an anonymous and confidential basis to report unethical conduct.
Data privacy of persons who report criminal, irregular or unethical activity using our fraud and ethics hotline
Vuvuzela receives and processes information received in reports made via the various communication channels to its fraud and ethics hotline. Once report information and details are captured and processed the details of these reports are sent to the subscribing customer organization. The personal data privacy processes applied by Vuvuzela to reports made to our fraud and ethics hotline on an anonymous and on a non-anonymous basis are explained. As Vuvuzela provides a fraud and ethics hotline service, Vuvuzela is an operator on behalf of the subscribing organization.
2.1 Data privacy of persons who report anonymously or on a confidential basis
When using our fraud and ethics hotline service to report unethical activity, you need to be able to communicate with Vuvuzela in full confidence that your identity will remain anonymous, unless you choose to disclose your details to us. If you choose to disclose your identity, we will keep your identity confidential and will never disclose your details to your employer or to the organization concerned, if you are not their employee.
We do not use cookies or other technology tools that could enable your identification when you browse our website or enter information into our web forms. This site does not collect internet log information such as your IP address, browser type and language, access times or referring website addresses. To ensure that this Website is well managed and to facilitate improved navigation, we use cookies (small text files stored in a user’s browser), which are session based and only last for the specific session for which you use the Website. The information collected is not stored beyond the individual session and would therefore not compromise privacy
No personal information is required in order to access information on our website or to make a report using our web-based form or mobile application.
2
Only the data that you specifically choose to give us during reporting is processed in the report to the subscribing customer organization. Our careful anonymization process removes any identifying information that could potentially reveal your identity. Data anonymization is the process of protecting private or sensitive information by erasing or encrypting identifiers that connect an individual to stored data.
The anonymized report is only sent to the person at the customer organization concerned which is entrusted with the responsibility of receiving anonymous and confidential reports of criminal, irregular or unethical activity.
The customer organization concerned may choose to share the anonymized report with a third party such as internal or external investigators or auditors, but we will never reveal information about your identity.
2.2 Data privacy of persons who report on an open, non-confidential named basis
Notwithstanding the commitment to the anonymity and confidentiality of whistleblowers using the Vuvuzela fraud and ethics hotline as set out in 2.1, there are instances in which reports are made on a voluntarily
open, non-confidential named basis, or when whistleblowers choose during the course of the reporting process to change their report from anonymous to open.
These will include:
▪ Complainants to companies who need to provide their contact details in order for their complaints to be investigated, and so explicitly agree to our communication of their contact details, in conjunction with their report, to the company concerned.
▪ Whistleblowers who have made their reports to Vuvuzela on an anonymous basis or in confidence and who subsequently revise their request for anonymity or confidentiality and agree to the disclosure of their personal information to the organization concerned.
▪ With the express permission of those detailed here in section 2.2, their personal contact information will be conveyed to the organization concerned in order to facilitate the progress and conclusion of an investigation or matter.
You can also be assured that:
▪ It is our contractual obligation as an operator providing fraud and ethics hotline service to subscribing organizations that Vuvuzela implements and maintains appropriate and reasonable technical and organizational measures to protect the loss, damage, unauthorized destruction and unlawful access or processing of personal information.
▪ Vuvuzela’ IT infrastructure provides for the electronic maintenance of all data.
▪ Call recordings are secure, encrypted and fully compliant with (FICA, POPI, FAIS and CPA). The calls are backed up and stored securely in the cloud. Access to call recordings is restricted and password protected and limited to the Call Centre Manager and the Finance and Compliance Manager.
▪ Vuvuzela is contractually committed to its clients to provide its service in accordance with the ethics hotline industry prescribed level as set out in the Safeline-EX Standard for External Whistle-blowing Hotline Service Providers.
This includes a commitment to maintaining best-practice norms and standards as derived from international practices in terms of the provision of an independent, external safe reporting facility for organizations.
▪ Vuvuzela is certified annually by The Ethics Institute against the Safeline-EX Standard and proof of certification is available on request using the contact details at the end of this document.
3
What personal information do we collect?
If you request Vuvuzela to send you information on our professional services, through our website ‘Contact Us” or directly by emailing us, we will collect your contact details, i.e. name, surname, email address, telephone number. We will collect that information and use it to follow up on your request.
If you are our customer we will collect your contact details, your details required for billing purposes and also information that will make it possible for us to render the professional services for which we were appointed.
We collect data that tells us about the number of visits to our website and the number of times each page is visited, to help us monitor our website performance. This data cannot be linked to the identity of any visitor to our website.
Our third-party service providers have no access to information that you choose to submit to Vuvuzela using our webforms and application.
What personal information do we not collect?
We never collect any so-called ‘sensitive personal information’ including information relating to your health, religion, political beliefs, race or sexual orientation, except if you voluntarily share this information with us or unless we are required to do so by law.
How do we collect personal information?
We collect personal information or data, specifically: contact details, names, surnames, email addresses, telephone numbers, designations, company details, company name, physical address, postal address, company registration number or VAT registration number in order to undertake the commercial operations and professional services offered by Vuvuzela.
This excludes those individuals which use our fraud and ethics hotline services to make anonymous reports, unless you choose to provide this information voluntarily.
In order to maintain and manage business with existing customers and to establish business with potential customers we need to maintain communications with stakeholders, we may from time to time collect personal information in a variety of ways including when:
▪ Marketing our services
▪ Responses to business enquiries and requests
▪ Management of our administrative and business functions (e.g. procurement, invoicing and payments).
▪ Persons apply for employment with us
▪ We obtain feedback from customers regarding our service
What do we do with your personal data or information?
We collect and use your personal information to provide you with the professional services for which we were appointed or to provide you with the information on our services you have requested.
We could use your personal information to:
4
▪ Advise you on our services
▪ Respond to enquiries or requests
▪ Send communications or responses to you
▪ Update our contact records
▪ Develop, provide, and improve our services
▪ Obtain feedback from you on our services
▪ Establish, manage, and maintain our business relationships
▪ Conduct administrative and business functions
▪ Recruitment of employees
▪ Process and respond to privacy questions, concerns and complaints
▪ Fulfil legal and contractual obligations.
We are advocates of the “confidentiality, integrity, availability” (CIA) method.
Confidentiality: only the people who need to know will have access to your personal information.
Integrity: only a designated few will be able to update your personal information.
Availability: your personal information will be available when needed.
Personal information inadvertently provided by individuals, which indicated that they wish to remain anonymous, when reporting using our fraud and ethics hotline services, will not be used
Sharing data with third parties
The personal data or information in our position, with the exception of that relating to those using our fraud and ethics hotline for anonymous and confidential reporting, may be shared by us with third parties who are themselves required to comply with the privacy legislation as set out in the introduction to this policy, under the following circumstances:
▪ Where required to comply with judicial proceedings, court orders or government orders.
▪ To protect the rights, property or safety of The Vuvuzela Hotline (Pty) Ltd, its business partners, you, or others, or as otherwise required by applicable law
▪ In response to a request for information by a competent authority in accordance with, or required by any applicable law, regulation or legal process
▪ In connection with any joint venture, merger, the sale of company assets, consolidation or restructuring, financing, or acquisition of all or a portion of our business by or to another company.
▪ Where you consent to the sharing of your personal data.
The Vuvuzela Hotline (Pty) Ltd may transfer your personal data or information to organizations within the Republic of South Africa as well as other countries where we do business in connection with for the purposes identified above and in accordance with this Privacy Statement.
▪ Where The Vuvuzela Hotline (Pty) Ltd processes your personal data based on your consent, you may withdraw your consent at any time for future processing.
▪ You may request access to and correction of your personal data which is held by us at any time.
▪ You may object to the processing of your personal data at any time.
▪ You may lodge a complaint with a data protection authority if you believe that your rights relating to the protection of your personal data have been breached or that your personal data has been compromised.
▪ Where The Vuvuzela Hotline (Pty) Ltd transfers your personal data to third parties, The Vuvuzela Hotline (Pty) Ltd requires those third parties to sign agreements which include the SCCs (or other data transfer mechanism approved by the Commission).
Links to third party websites
5
Our website contains links to sites operated by third parties such as the mobile application stores which enable users to download our mobile application. We make no representations or warranties in relation to the privacy practices of any third-party site or application, and we are not responsible for any third-party content or privacy statements. Your use of such sites and applications is subject to the relevant third-party privacy statements.
Information security
The Vuvuzela Hotline (Pty) Ltd is committed to protecting your personal data and information from misuse, loss, unauthorized access, modification or disclosure by using a combination of physical, administrative and technical safeguards and contractually requiring that third parties to whom we disclose your personal data do the same.
When you submit or post personal data online, you should be aware that the internet is not completely secure. The Vuvuzela Hotline (Pty) Ltd cannot guarantee the security of any personal data that you submit or post online but it can assure you that in its own collection and processing of this data that your privacy rights will always be honored and protected
We have in place reasonable commercial standards of technology and operational security to protect the information provided by users via this Website from unauthorized access, disclosure, alteration, or destruction. We use a range of physical, operational and technological security measures to protect this information. These measures include:
▪ Employee training to ensure our employees are aware their privacy obligations when handling your personal information. All call centre media is managed and restricted as extremely confidential, as require in terms of the Protected Disclosures Act. All employees have signed confidentiality and non- disclosure.
▪ Our software, servers and recordings are all 100% in the cloud and administrative and technical controls to restrict access to personal information to only those of our employees who require access;
▪ Technological security measures, including firewalls, encryption and anti-virus software.
▪ Physical security measures, access control cards to building, security gate to call centre with biometrics system fingerprint reader
Marketing
We do not provide your personal data to unaffiliated third parties for direct marketing purposes or sell, rent, distribute or otherwise make personal data commercially available to any third party.
We won’t use it for a purpose that you were not aware of or that you have not given us consent for.
Retention of your personal information
12.1 Retention of personal data not provided via a fraud and ethics hotline report
We retain personal data for as long as is necessary, between 5-15 years as prescribed, to fulfil the purposes for which it was collected or to comply with legal obligations, resolve disputes, protect our assets, or enforce agreements. Depending on the purpose, retention periods will vary. The criteria we use to determine retention periods include whether we are under a legal, contractual or other obligation to retain personal data including pursuant to data retention laws, as part of an investigation or for litigation purposes; or personal data is needed to provide our solutions and services business, including performance improvement and to maintain accurate business and financial records.
12.2 Retention of personal data received via fraud and ethics hotline reports
6
Vuvuzela retains all data received via fraud and ethics hotline reports, for a maximum of 5 years or as required by our customer, and all reports that it subsequently prepares for and submits to its clients, in accordance with the provisions of all applicable laws.
Depending upon the jurisdiction in which they operate, the contractual obligations agreed with our clients in respect of data retention and data removal vary. For more information about data retention practices in respect of different legal jurisdictions please make use of the contact details at the end of this policy.
Changes to our privacy statement
We may update, modify or amend this Privacy Statement from time to time at our discretion. If we do make changes, we will post the revised version on our website and update the revision date at the top of this page. We encourage you to periodically review this Privacy Statement to be informed about how we are protecting your information
How you can access or amend personal data
If you wish to access, correct, update, block, or delete personal data that we hold about you, please write to us using the contact details set out at the end of this Privacy Statement. We will respond within a reasonable period and, at the latest, within 30 days of the date of your request.
How to contact us
If you have any questions or concerns regarding your privacy while using this Website or you wish to make a complaint, please contact The Vuvuzela Hotline (Pty) Ltd.’s Finance and Compliance Manager using the following contact details:
Email: office@thehotline.co.za
Telephone: +27 12 682 8800
Visitors who would like to request access to their information or to update their details should contact us via email. In all cases we will treat requests to access information or change information in accordance with applicable legal requirements

 

Please view the PDF version of our privacy policy by clicking on the link below:

Vuvuzela-Privacy-Statement-full

 

The hotline